Ip Pool group assignment
Giuseppina Venezia
giusy.venezia at gmail.com
Sat Aug 26 15:48:41 CEST 2006
Hi all,
I've tried to assign ip via ippool.
I have freeradius 1.1.2 and i use chillispot as captive portal and
OpenLdap to manage user.
When i log in directly with default user (user "prova" , defined in
users file) it seems to assign ip, but it really doesn't (the client
doesn't obtain the assigned ip address).
When i log in directly with an OpenLdap user, it says that can't find
Pool-Name attribute.
I will paste the output of "radiusd -X" whit the operation listed
above and the conf files.
Thanks in advance.
Giusy
radius -X -----------------------------------------------------------------------------
<!-- @page { size: 8.27in 11.69in; margin: 0.79in }
P { margin-bottom: 0.08in } --> Starting - reading configuration
files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded LDAP
ldap: server = "localhost"
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = "cn=Manager,dc=mydomain,dc=it"
ldap: tls_mode = no
ldap: start_tls = no
ldap: tls_cacertfile = "(null)"
ldap: tls_cacertdir = "(null)"
ldap: tls_certfile = "(null)"
ldap: tls_keyfile = "(null)"
ldap: tls_randfile = "(null)"
ldap: tls_require_cert = "allow"
ldap: password = "xxxxxxx"
ldap: basedn = "ou=statistica,dc=mydomain,dc=it"
ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
ldap: base_filter = "(objectclass=radiusprofile)"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "userPassword"
ldap: access_attr = "userPassword"
ldap: groupname_attribute = "radiusGroupName"
ldap: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "(null)"
ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
ldap: do_xlat = yes
ldap: set_auth_type = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file
/usr/local/etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusGroupName mapped to RADIUS Ldap-Group
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS
Tunnel-Private-Group-Id
conns: 0x8139940
Module: Instantiated ldap (ldap)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = "md5"
ttls: copy_request_to_tunnel = no
ttls: use_tunneled_reply = no
rlm_eap: Loaded and initialized type ttls
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded checkval
checkval: item-name = "Calling-Station-Id"
checkval: check-name = "Calling-Station-Id"
checkval: data-type = "string"
checkval: notfound-reject = yes
rlm_checkval: Registered name Calling-Station-Id for attribute 31
Module: Instantiated checkval (checkval)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Module: Loaded IPPOOL
ippool: session-db = "/usr/local/etc/raddb/db.ippool"
ippool: ip-index = "/usr/local/etc/raddb/db.ipindex"
ippool: range-start = 192.168.182.129 IP address [192.168.182.129]
ippool: range-stop = 192.168.182.254 IP address [192.168.182.254]
ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
ippool: cache-size = 800
ippool: override = no
ippool: maximum-timeout = 0
Module: Instantiated ippool (main_pool)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:1043, id=0, length=215
User-Name = "prova"
CHAP-Challenge = 0x55e75e2624e19c07877bcf36aa16c024
CHAP-Password = 0x002dcc1e416cd9f6b116102c3c3f65de71
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 192.168.182.4
Calling-Station-Id = "00-16-C7-8F-A0-02"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Identifier = "nas01"
Acct-Session-Id = "44f032f900000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Message-Authenticator = 0x1dc4e649177a2b3eda2541fe0d773729
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "prova", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry prova at line 80
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prova
radius_xlat: '(uid=prova)'
radius_xlat: 'ou=statistica,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=mydomain,dc=it/xxxxxxx to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with
filter (uid=prova)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 0
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-16-C7-8F-A0-02
rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs
modcall[authorize]: module "checkval" returns notfound for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
rlm_ippool: Searching for an entry for nas/port: 0.0.0.0/1
rlm_ippool: Searching for an entry for nas/port: 0.0.0.0/1
rlm_ippool: Allocating ip to nas/port: 0.0.0.0/1
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.182.231 to client on nas 0.0.0.0,port 1
modcall[post-auth]: module "main_pool" returns ok for request 0
modcall: leaving group post-auth (returns ok) for request 0
Sending Access-Accept of id 0 to 127.0.0.1 port 1043
Service-Type = Framed-User
Framed-IP-Address = 192.168.182.231
Framed-IP-Netmask = 255.255.255.0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:1041, id=0, length=130
Acct-Status-Type = Start
User-Name = "prova"
Calling-Station-Id = "00-16-C7-8F-A0-02"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-Port-Id = "00000001"
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "nas01"
Framed-IP-Address = 192.168.182.4
Acct-Session-Id = "44f032f900000001"
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id =
"44f032f900000001",User-Name = "prova"'
rlm_acct_unique: Acct-Unique-Session-ID = "6b96572558c4da26".
modcall[preacct]: module "acct_unique" returns ok for request 1
rlm_realm: No '@' in User-Name = "prova", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 1
modcall[preacct]: module "files" returns noop for request 1
modcall: leaving group preacct (returns ok) for request 1
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826
modcall[accounting]: module "detail" returns ok for request 1
modcall[accounting]: module "unix" returns ok for request 1
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: 'prova'
modcall[accounting]: module "radutmp" returns ok for request 1
rlm_ippool: This is not an Accounting-Stop. Return NOOP.
modcall[accounting]: module "main_pool" returns noop for request 1
modcall: leaving group accounting (returns ok) for request 1
Sending Accounting-Response of id 0 to 127.0.0.1 port 1041
Finished request 1
Going to the next request
--- Walking the entire request list ---
Cleaning up request 1 ID 0 with timestamp 44f0331f
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 44f0331e
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 127.0.0.1:1041, id=1, length=178
Acct-Status-Type = Stop
User-Name = "prova"
Calling-Station-Id = "00-16-C7-8F-A0-02"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-Port-Id = "00000001"
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "nas01"
Framed-IP-Address = 192.168.182.4
Acct-Session-Id = "44f032f900000001"
Acct-Input-Octets = 2333
Acct-Output-Octets = 7498
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Input-Packets = 23
Acct-Output-Packets = 27
Acct-Session-Time = 6
Acct-Terminate-Cause = User-Request
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 2
modcall[preacct]: module "preprocess" returns noop for request 2
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id =
"44f032f900000001",User-Name = "prova"'
rlm_acct_unique: Acct-Unique-Session-ID = "6b96572558c4da26".
modcall[preacct]: module "acct_unique" returns ok for request 2
rlm_realm: No '@' in User-Name = "prova", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 2
modcall[preacct]: module "files" returns noop for request 2
modcall: leaving group preacct (returns ok) for request 2
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 2
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826
modcall[accounting]: module "detail" returns ok for request 2
modcall[accounting]: module "unix" returns ok for request 2
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: 'prova'
modcall[accounting]: module "radutmp" returns ok for request 2
rlm_ippool: Searching for an entry for nas/port: 0.0.0.0/1
rlm_ippool: Deallocated entry for ip/port: 192.168.182.231/1
rlm_ippool: num: 0
modcall[accounting]: module "main_pool" returns ok for request 2
modcall: leaving group accounting (returns ok) for request 2
Sending Accounting-Response of id 1 to 127.0.0.1 port 1041
Finished request 2
Going to the next request
--- Walking the entire request list ---
Cleaning up request 2 ID 1 with timestamp 44f03325
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:1043, id=0, length=216
User-Name = "user1"
CHAP-Challenge = 0x1669c921cccf393ea4c3cd6fb04cad51
CHAP-Password = 0x00998b87a9c04a1ae386929663e9f4fbff
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 192.168.182.4
Calling-Station-Id = "00-16-C7-8F-A0-02"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Identifier = "nas01"
Acct-Session-Id = "44f0332500000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Message-Authenticator = 0x8db3bf8679635fe3528607ab31299415
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 3
users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=statistica,dc=mydomain,dc=it'
radius_xlat: '(uid=user1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with
filter (uid=user1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dAntonio
Piccolo\2cou\3dfaculty\2cou\3ddepartment\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dAntonio
Piccolo\2cou\3dfaculty\2cou\3ddepartment\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with
filter (&(radiusGroupName=professor)(|(&(objectClass=GroupOfNames)(member=cn\3dAntonio
Piccolo\2cou\3dfaculty\2cou\3ddepartment\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dAntonio
Piccolo\2cou\3dfaculty\2cou\3ddepartment\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group professor not found or user is not a member.
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for user1
radius_xlat: '(uid=user1)'
radius_xlat: 'ou=statistica,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with
filter (uid=user1)
rlm_ldap: checking if remote access for user1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
C4-5A-5E-D0-1F-F4 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-16-C7-8F-A0-02 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user user1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-16-C7-8F-A0-02
rlm_checkval: Value Name: Calling-Station-Id, Value: C4-5A-5E-D0-1F-F4
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-16-C7-8F-A0-02
modcall[authorize]: module "checkval" returns ok for request 3
modcall: leaving group authorize (returns ok) for request 3
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 3
rlm_chap: login attempt by "user1" with CHAP password
rlm_chap: Using clear text password a for user user1 authentication.
rlm_chap: chap user user1 authenticated succesfully
modcall[authenticate]: module "chap" returns ok for request 3
modcall: leaving group CHAP (returns ok) for request 3
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 3
rlm_ippool: Could not find Pool-Name attribute.
modcall[post-auth]: module "main_pool" returns noop for request 3
modcall: leaving group post-auth (returns noop) for request 3
Sending Access-Accept of id 0 to 127.0.0.1 port 1043
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:1041, id=2, length=131
Acct-Status-Type = Start
User-Name = "user1"
Calling-Station-Id = "00-16-C7-8F-A0-02"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-Port-Id = "00000001"
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "nas01"
Framed-IP-Address = 192.168.182.4
Acct-Session-Id = "44f0332500000001"
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 4
modcall[preacct]: module "preprocess" returns noop for request 4
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id =
"44f0332500000001",User-Name = "user1"'
rlm_acct_unique: Acct-Unique-Session-ID = "03b237c32d98c65e".
modcall[preacct]: module "acct_unique" returns ok for request 4
rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 4
modcall[preacct]: module "files" returns noop for request 4
modcall: leaving group preacct (returns ok) for request 4
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 4
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826
modcall[accounting]: module "detail" returns ok for request 4
modcall[accounting]: module "unix" returns ok for request 4
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: 'user1'
modcall[accounting]: module "radutmp" returns ok for request 4
rlm_ippool: This is not an Accounting-Stop. Return NOOP.
modcall[accounting]: module "main_pool" returns noop for request 4
modcall: leaving group accounting (returns ok) for request 4
Sending Accounting-Response of id 2 to 127.0.0.1 port 1041
Finished request 4
Going to the next request
Cleaning up request 4 ID 2 with timestamp 44f03347
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:1041, id=3, length=179
Acct-Status-Type = Stop
User-Name = "user1"
Calling-Station-Id = "00-16-C7-8F-A0-02"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-Port-Id = "00000001"
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "nas01"
Framed-IP-Address = 192.168.182.4
Acct-Session-Id = "44f0332500000001"
Acct-Input-Octets = 2328
Acct-Output-Octets = 7447
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Input-Packets = 23
Acct-Output-Packets = 26
Acct-Session-Time = 6
Acct-Terminate-Cause = User-Request
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 5
modcall[preacct]: module "preprocess" returns noop for request 5
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id =
"44f0332500000001",User-Name = "user1"'
rlm_acct_unique: Acct-Unique-Session-ID = "03b237c32d98c65e".
modcall[preacct]: module "acct_unique" returns ok for request 5
rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 5
modcall[preacct]: module "files" returns noop for request 5
modcall: leaving group preacct (returns ok) for request 5
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 5
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826
modcall[accounting]: module "detail" returns ok for request 5
modcall[accounting]: module "unix" returns ok for request 5
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: 'user1'
modcall[accounting]: module "radutmp" returns ok for request 5
rlm_ippool: Searching for an entry for nas/port: 0.0.0.0/1
rlm_ippool: Deallocated entry for ip/port: 192.168.182.231/1
modcall[accounting]: module "main_pool" returns ok for request 5
modcall: leaving group accounting (returns ok) for request 5
Sending Accounting-Response of id 3 to 127.0.0.1 port 1041
Finished request 5
Going to the next request
--- Walking the entire request list ---
Cleaning up request 3 ID 0 with timestamp 44f03347
Cleaning up request 5 ID 3 with timestamp 44f0334d
Nothing to do. Sleeping until we see a request.
-----------------------------------------------------------------------------
Ldap user
================================
dn: cn=AntonioPiccolo,ou=faculty,ou=department,ou=statistica,dc=mydomain,dc=it
uid: user1
objectClass: top
objectClass: inetOrgPerson
objectClass: radiusprofile
sn: Piccolo
cn: AntonioPiccolo
structuralObjectClass: inetOrgPerson
entryUUID: 495881e0-addd-102a-9362-d731fc0d1eff
creatorsName: cn=Manager,dc=mydomain,dc=it
createTimestamp: 20060722145122Z
userPassword:: YQ==
radiusCallingStationId: C4-5A-5E-D0-1F-F4
radiusCallingStationId: 00-02-C7-8F-A0-16
radiusGroupName: professor
entryCSN: 20060826113921Z#000000#00#000000
modifiersName: cn=Manager,dc=mydomain,dc=it
modifyTimestamp: 20060826113921Z
----------------------------------------------------------------------------------------------------------
radius.conf
...........
modules {
...........
ldap {
server="localhost"
port="389"
identity = "cn=Manager,dc=uniroma1,dc=it"
password = P1PP3R0
basedn="ou=statistica,dc=uniroma1,dc=it"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
start_tls = no
access_attr = "userPassword"
dictionary_mapping = ${raddbdir}/ldap.attrmap
authtype = ldap
ldap_connections_number = 5
password_attribute = userPassword
groupname_attribute = radiusGroupName
timeout = 4
timelimit = 3
net_timeout = 1
}
....................
}
ippool main_pool {
range-start = 192.168.182.129
range-stop = 192.168.182.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
maximum-timeout = 0
}
accounting {
detail
unix
main_pool
}
post-auth {
main_pool
}
---------------------------------------------------------------
users
prova Pool-Name:="main_pool", Auth-Type := Local, User-Password == "a"
Service-Type = Framed-User,
Fall-Through = no
DEFAULT Auth-Type = System
Fall-Through = 1
DEFAULT Ldap-Group == professor, Pool-Name :="main_pool"
Service-Type == Framed-User,
Fall-Through = no
DEFAULT Service-Type == Framed-User
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 576,
Service-Type = Framed-User,
Fall-Through = Yes
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
Framed-Protocol = SLIP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
Framed-Protocol = SLIP
--------------------------------------------------------------------------------------------
ldap.attrmap
checkItem $GENERIC$ radiusCheckItem
replyItem $GENERIC$ radiusReplyItem
checkItem User-Password userPassword
checkItem Auth-Type radiusAuthType
checkItem Simultaneous-Use radiusSimultaneousUse
checkItem Called-Station-Id radiusCalledStationId
checkItem Calling-Station-Id radiusCallingStationId
checkItem LM-Password lmPassword
checkItem NT-Password ntPassword
checkItem SMB-Account-CTRL-TEXT acctFlags
checkItem Expiration radiusExpiration
checkItem NAS-IP-Address radiusNASIpAddress
checkItem Ldap-Group radiusGroupName
replyItem Service-Type radiusServiceType
replyItem Framed-Protocol radiusFramedProtocol
replyItem Framed-IP-Address radiusFramedIPAddress
replyItem Framed-IP-Netmask radiusFramedIPNetmask
replyItem Framed-Route radiusFramedRoute
replyItem Framed-Routing radiusFramedRouting
replyItem Filter-Id radiusFilterId
replyItem Framed-MTU radiusFramedMTU
replyItem Framed-Compression radiusFramedCompression
replyItem Login-IP-Host radiusLoginIPHost
replyItem Login-Service radiusLoginService
replyItem Login-TCP-Port radiusLoginTCPPort
replyItem Callback-Number radiusCallbackNumber
replyItem Callback-Id radiusCallbackId
replyItem Framed-IPX-Network radiusFramedIPXNetwork
replyItem Class radiusClass
replyItem Session-Timeout radiusSessionTimeout
replyItem Idle-Timeout radiusIdleTimeout
replyItem Termination-Action radiusTerminationAction
replyItem Login-LAT-Service radiusLoginLATService
replyItem Login-LAT-Node radiusLoginLATNode
replyItem Login-LAT-Group radiusLoginLATGroup
replyItem Framed-AppleTalk-Link radiusFramedAppleTalkLink
replyItem Framed-AppleTalk-Network radiusFramedAppleTalkNetwork
replyItem Framed-AppleTalk-Zone radiusFramedAppleTalkZone
replyItem Port-Limit radiusPortLimit
replyItem Login-LAT-Port radiusLoginLATPort
replyItem Reply-Message radiusReplyMessage
------------------------------------------------------------------------------------------------------
More information about the Freeradius-Users
mailing list